Survey of Adversarial Attack, Defense and Robustness Analysis for Natural Language Processing

Cited by: 0
Authors
Zheng H. [1]
Chen J. [1, 2]
Zhang Y. [1]
Zhang X. [3]
Ge C. [4]
Liu Z. [4]
Ouyang Y. [5]
Ji S. [6]
Affiliations
[1] College of Information Engineering, Zhejiang University of Technology, Hangzhou
[2] Cyberspace Security Research Institute, Zhejiang University of Technology, Hangzhou
[3] College of Control Science and Engineering, Zhejiang University, Hangzhou
[4] College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing
[5] Nanjing Research Center, Huawei Technologies Co., Ltd., Nanjing
[6] College of Computer Science and Technology, Zhejiang University, Hangzhou
Funding
National Natural Science Foundation of China
Keywords
Adversarial attack; Deep neural network; Defense; Natural language processing; Robustness;
DOI
10.7544/issn1000-1239.2021.20210304
Abstract
With the rapid development of artificial intelligence, deep neural networks have been widely applied in the fields of computer vision, signal analysis, and natural language processing. Natural language processing helps machines process, understand, and use human language through functions such as syntax analysis, semantic analysis, and text comprehension. However, existing studies have shown that deep models are vulnerable to attacks from adversarial texts. When imperceptible adversarial perturbations are added to normal texts, natural language processing models can make wrong predictions. To improve the robustness of natural language processing models, defense-related research has also developed in recent years. Based on the existing research, we comprehensively detail related works in the field of adversarial attacks, defenses, and robustness analysis in natural language processing tasks. Specifically, we first introduce the research tasks and related natural language processing models. Then, attack and defense approaches are described separately. The certified robustness analysis and benchmark datasets of natural language processing models are further investigated, and a detailed introduction to natural language processing application platforms and toolkits is provided. Finally, we summarize future development directions for research on attacks and defenses. © 2021, Science Press. All rights reserved.
Pages: 1727-1750
Page count: 23